STIGQter: STIG Summary: ArcGIS for Server 10.3 Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 26 Jan 2018:

The ArcGIS Server must be configured to disable non-essential capabilities.

DISA Rule

SV-79903r1_rule

Vulnerability Number

V-65413

Group Title

SRG-APP-000141

Rule Version

AGIS-00-000054

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Configure the ArcGIS Server to ensure non-essential capabilities are disabled. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]admin/system/handlers/rest/servicesdirectory (log on when prompted).

Uncheck the value for "Services Directory Enabled". Click "Save".

Check Contents

Review the ArcGIS Server configuration to ensure that non-essential capabilities are disabled. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]admin/system/handlers/rest/servicesdirectory (log on when prompted).

Verify that the "Services Directory" property is set to "Disabled".

If the "Services Directory" property is set to "Enabled", this is a finding.

Vulnerability Number

V-65413

Documentable

False

Rule Version

AGIS-00-000054

Severity Override Guidance

Review the ArcGIS Server configuration to ensure that non-essential capabilities are disabled. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]admin/system/handlers/rest/servicesdirectory (log on when prompted).

Verify that the "Services Directory" property is set to "Disabled".

If the "Services Directory" property is set to "Enabled", this is a finding.

Check Content Reference

M

Target Key

2961

Comments